The Information Sharing and Analysis Organization Standards Organization (ISAO SO) announced the leadership team selected to serve as voluntary working group leads for the six initial standards working groups. The leadership team reflects a cross section of cybersecurity talent and expertise across industry, academia and government. Executive Director, Dr. Greg White, said, “We are thrilled at the response we received from the community and the willingness of the leadership team to serve in this important role. The establishment of the working groups is a milestone for the ISAO SO.”
Outputs from the standards working groups will include principles, policies, standards and guidelines that will enable meaningful sharing and analysis of cybersecurity information. Group chairs will use a voluntary consensus standards development process to lead a core development team of diverse experts to draft standards and guideline documents. General working group membership will be open to the public for anyone seeking to comment on or stay informed regarding the efforts of each of the groups.
The initial standard working groups, leaders, and objectives are:
- ISAO Creation – Frank J. Grimmelmann, President & CEO, Intelligence Liaison Officer, ACTRA – Arizona Cyber Threat Response Alliance and Deborah Kobza, President & CEO, Global Institute for Cybersecurity + Research, will lead the group that will identify and capture the elements necessary for an interested organization to stand up an ISAO. These elements will serve as the basis for creating an ISAO and will have enough flexibility in design to fit the needs of diverse interested organizations.
- ISAO Capabilities – Denise Anderson, Chair of the National Council of ISACS and Fred Hintermister, Manager, ES-ISAC, North American Electric Reliability Corporation (NERC), will lead the group that will identify and capture the capabilities necessary for an interested organization to effectively operate an ISAO. These capabilities will support day-to-day operation of the ISAO and support its main function: to share and receive cyber information in a timely and effective manner. Capabilities must allow for the most basic ISAO and also support more sophisticated organizations.
- Information Sharing – Kent Landfield, Director, Standards and Technology Policy, Intel Corporation and Michael Darling, Director at PwC, will lead the group that will identify and capture items and develop the guidance necessary for an interested organization to effectively share cyber threat indicators, vulnerabilities, and best practices within an ISAO or externally.
- Privacy and Security – Rick Howard, CSO, Palo Alto Networks, and David Turetsky, Partner, Akin Gump will lead the group that will identify and capture the steps to safeguard information (both Proprietary and privacy related). This group will also detail the processes and procedures required to prevent address unauthorized release or access to information not cleared for release and address how to meet federal, state, local, and tribal laws regarding privacy.
- ISAO Support – Carlos Kizzee, Executive Director, Defense Security Information Exchange, and Dr. Alex Crowther, Cyber Policy Specialist at the National Defense University, will lead a group of individuals familiar with the creation and operation of information sharing organizations who will work to support emerging ISAOs as they are created. This working group will work closely with the ISAO SO to provide assistance to emerging ISAOs.
- Government Relations – Mike Echols, Director, Cyber Joint Program Management Office U.S. Department of Homeland Security, and David Weinstein, Cybersecurity Advisor, State of New Jersey, will lead a working group that will identify and address issues associated with ISAO interactions with the intelligence community, law enforcement, US regulators, and Homeland Security.
The ISAO SO will host its next online public meeting on January 21, 2016. They will also host an in-person public forum meeting on February 9, 2016 in San Antonio, TX.